Merge pull request #1351 from SteveL-MSFT/wu-resource

Add WindowsUpdate resource

Author: SteveL-MSFT

Cargo.lock

@@ -17,6 +17,7 @@ members = [
     "resources/runcommandonset",
     "lib/dsc-lib-security_context",
     "resources/sshdconfig",
+    "resources/WindowsUpdate",
     "tools/dsctest",
     "tools/test_group_resource",
     "grammars/tree-sitter-dscexpression",
@@ -41,6 +42,7 @@ default-members = [
     "resources/runcommandonset",
     "lib/dsc-lib-security_context",
     "resources/sshdconfig",
+    "resources/WindowsUpdate",
     "tools/dsctest",
     "tools/test_group_resource",
     "grammars/tree-sitter-dscexpression",
@@ -67,6 +69,7 @@ Windows = [
     "resources/runcommandonset",
     "lib/dsc-lib-security_context",
     "resources/sshdconfig",
+    "resources/WindowsUpdate",
     "tools/dsctest",
     "tools/test_group_resource",
     "grammars/tree-sitter-dscexpression",
@@ -219,6 +222,14 @@ urlencoding = { version = "2.1" }
 which = { version = "8.0" }
 # dsc-lib
 ipnetwork = { version = "0.21" }
+# WindowsUpdate
+windows = { version = "0.62", features = [
+    "Win32_Foundation",
+    "Win32_System_Com",
+    "Win32_System_Ole", 
+    "Win32_System_Variant",
+    "Win32_System_UpdateAgent"
+] }
 
 # build-only dependencies
 # dsc-lib, dsc-lib-registry, sshdconfig, tree-sitter-dscexpression, tree-sitter-ssh-server-config

Cargo.toml

@@ -82,6 +82,8 @@
       "sshd-windows.dsc.resource.json",
       "sshd_config.dsc.resource.json",
       "windowspowershell.dsc.resource.json",
+      "windowsupdate.dsc.resource.json",
+      "wu_dsc.exe",
       "wmi.dsc.resource.json",
       "wmi.resource.ps1",
       "wmiAdapter.psd1",
@@ -387,6 +389,21 @@
         ]
       }
     },
+    {
+      "Name": "windowsupdate",
+      "Kind": "Resource",
+      "RelativePath": "resources/WindowsUpdate",
+      "SupportedPlatformOS": "Windows",
+      "IsRust": true,
+      "Binaries": [
+        "wu_dsc"
+      ],
+      "CopyFiles": {
+        "Windows": [
+          "windowsupdate.dsc.resource.json"
+        ]
+      }
+    },
     {
       "Name": "dsctest",
       "Kind": "Resource",

build.data.json

@@ -0,0 +1,14 @@
+{
+    "Name": "windowsupdate",
+    "Kind": "Resource",
+    "IsRust": true,
+    "SupportedPlatformOS": "Windows",
+    "Binaries": [
+        "wu_dsc"
+    ],
+    "CopyFiles": {
+        "Windows": [
+            "windowsupdate.dsc.resource.json"
+        ]
+    }
+}

resources/WindowsUpdate/.project.data.json

@@ -0,0 +1,15 @@
+[package]
+name = "dsc-resource-windows-update"
+version = "0.1.0"
+edition = "2021"
+
+[[bin]]
+name = "wu_dsc"
+path = "src/main.rs"
+
+[dependencies]
+serde = { workspace = true }
+serde_json = { workspace = true }
+
+[target.'cfg(windows)'.dependencies]
+windows = { workspace = true }

resources/WindowsUpdate/Cargo.toml

@@ -0,0 +1,143 @@
+# Microsoft.Windows/UpdateList DSC Resource
+
+## Overview
+
+The `Microsoft.Windows/UpdateList` resource enables querying information about Windows Updates using the Windows Update Agent COM APIs. This resource allows you to retrieve detailed information about specific updates available on or installed on a Windows system.
+
+## Features
+
+- Query Windows Update information by title
+- Retrieve comprehensive update details including:
+  - Installation status
+  - Update description
+  - Unique update identifier
+  - KB article IDs
+  - Recommended hard disk space
+  - Security severity rating
+  - Security bulletin IDs
+  - Update type (Software or Driver)
+
+## Requirements
+
+- Windows operating system
+- Windows Update Agent (built into Windows)
+- Administrator privileges may be required for certain update queries
+
+## Usage
+
+### Get Operation
+
+The `get` operation searches for a Windows Update by title or id (as exact match) and returns detailed information about the update.
+
+#### Input Schema
+
+```json
+{
+  "updates": [{
+    "title": "Security Update"
+  }]
+}
+```
+
+#### Example DSC Configuration
+
+```yaml
+# windows-update-query.dsc.yaml
+$schema: https://aka.ms/dsc/schemas/v3/configuration.json
+resources:
+- name: QuerySecurityUpdate
+  type: Microsoft.Windows/UpdateList
+  properties:
+    updates:
+    - title: "Security Update for Windows"
+```
+
+#### Output Example
+
+```json
+{
+  "updates": [{
+    "title": "2024-01 Security Update for Windows 11 Version 22H2 for x64-based Systems (KB5034123)",
+    "isInstalled": true,
+    "description": "Install this update to resolve issues in Windows...",
+    "id": "12345678-1234-1234-1234-123456789abc",
+    "isUninstallable": true,
+    "kbArticleIds": ["5034123"],
+    "recommendedHardDiskSpace": 512,
+    "msrcSeverity": "Critical",
+    "securityBulletinIds": ["MS24-001"],
+    "updateType": "Software"
+  }]
+}
+```
+
+## Properties
+
+### Input/Output Properties
+
+The resource returns an UpdateList object containing an array of updates:
+
+| Property              | Type            | Description                                           |
+|-----------------------|-----------------|-------------------------------------------------------|
+| updates               | array           | Array of update objects                               |
+| updates[].title       | string          | The full title of the Windows Update                  |
+| updates[].isInstalled | boolean         | Whether the update is currently installed             |
+| updates[].description | string          | Detailed description of the update                    |
+| updates[].id          | string          | Unique identifier (GUID) for the update               |
+| updates[].isUninstallable | boolean     | Whether the update can be uninstalled                 |
+| updates[].kbArticleIds | array[string]  | Knowledge Base article identifiers                    |
+| updates[].recommendedHardDiskSpace | integer (int64) | Recommended hard disk space in megabytes (MB) |
+| updates[].msrcSeverity | enum           | MSRC severity: Critical, Important, Moderate, or Low  |
+| updates[].securityBulletinIds | array[string] | Security bulletin identifiers                  |
+| updates[].updateType  | enum            | Type of update: Software or Driver                    |
+
+## Implementation Details
+
+- **Language**: Rust
+- **Executable**: `wu_dsc`
+- **COM APIs Used**: Windows Update Agent (WUA) COM interfaces
+  - `IUpdateSession`
+  - `IUpdateSearcher`
+  - `IUpdateCollection`
+  - `IUpdate`
+
+## Limitations
+
+- Requires Windows operating system
+- Search is case-insensitive and matches partial titles
+
+## Building
+
+To build the resource:
+
+```powershell
+cd resources/WindowsUpdate
+cargo build --release
+```
+
+The compiled executable will be located at `target/release/wu_dsc.exe`.
+
+## Testing
+
+To test the resource manually:
+
+```powershell
+# Create input JSON
+$input = @{ updates = @(@{ title = "Security Update" }) } | ConvertTo-Json -Depth 3
+
+# Query for an update
+$input | .\wu_dsc.exe get
+```
+
+## Error Handling
+
+The resource will return an error if:
+- No update matching the specified title is found
+- COM initialization fails
+- The Windows Update service is unavailable
+- Invalid input is provided
+
+## License
+
+Copyright (c) Microsoft Corporation.
+Licensed under the MIT License.